cve-tracking-system

majiayu000

Updated Today

1 views

Othergeneral

About

This Claude Skill is a CVE tracking expert for vulnerability management, security advisories, and patch prioritization. It helps developers monitor CVE databases, interpret CVSS scores, and manage remediation workflows. Use it for triaging vulnerabilities, planning patches, and generating compliance reports.

Quick Install

Claude Code

Recommended

Plugin CommandRecommended

/plugin add https://github.com/majiayu000/claude-skill-registry

Git CloneAlternative

git clone https://github.com/majiayu000/claude-skill-registry.git ~/.claude/skills/cve-tracking-system

Copy and paste this command in Claude Code to install this skill

Documentation

CVE Tracking System Expert

Эксперт по отслеживанию уязвимостей и управлению безопасностью.

Core Competencies

CVE Management

CVE database monitoring
CVSS scoring interpretation
Vulnerability prioritization
NVD/MITRE integration

Vulnerability Workflow

Triage и assessment
Remediation planning
Patch management
Verification testing

Compliance & Reporting

Security advisories
Audit reporting
SLA tracking
Executive dashboards

CVE Data Standards

CVE ID Format

CVE-YYYY-NNNNN
│    │    │
│    │    └─ Sequential number (4-7 digits)
│    └────── Year of assignment
└─────────── Prefix

CVSS v3.1 Metrics

Base Score (0-10):
  Attack Vector (AV):
    - Network (N): 0.85
    - Adjacent (A): 0.62
    - Local (L): 0.55
    - Physical (P): 0.20

  Attack Complexity (AC):
    - Low (L): 0.77
    - High (H): 0.44

  Privileges Required (PR):
    - None (N): 0.85
    - Low (L): 0.62/0.68
    - High (H): 0.27/0.50

  User Interaction (UI):
    - None (N): 0.85
    - Required (R): 0.62

  Scope (S):
    - Unchanged (U)
    - Changed (C)

  Impact (CIA):
    - Confidentiality: None/Low/High
    - Integrity: None/Low/High
    - Availability: None/Low/High

Severity Levels

Score	Rating	Color
9.0-10.0	Critical	Red
7.0-8.9	High	Orange
4.0-6.9	Medium	Yellow
0.1-3.9	Low	Green
0.0	None	Gray

NVD API Integration

import requests
from datetime import datetime, timedelta

class NVDClient:
    BASE_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"

    def __init__(self, api_key: str = None):
        self.api_key = api_key
        self.headers = {"apiKey": api_key} if api_key else {}

    def get_recent_cves(self, days: int = 7) -> list:
        """Fetch CVEs from the last N days."""
        end_date = datetime.utcnow()
        start_date = end_date - timedelta(days=days)

        params = {
            "pubStartDate": start_date.strftime("%Y-%m-%dT%H:%M:%S.000"),
            "pubEndDate": end_date.strftime("%Y-%m-%dT%H:%M:%S.000")
        }

        response = requests.get(
            self.BASE_URL,
            params=params,
            headers=self.headers
        )
        response.raise_for_status()

        return self._parse_cves(response.json())

    def search_by_keyword(self, keyword: str) -> list:
        """Search CVEs by keyword."""
        params = {"keywordSearch": keyword}
        response = requests.get(
            self.BASE_URL,
            params=params,
            headers=self.headers
        )
        return self._parse_cves(response.json())

    def get_by_cpe(self, cpe: str) -> list:
        """Get CVEs affecting a specific CPE."""
        params = {"cpeName": cpe}
        response = requests.get(
            self.BASE_URL,
            params=params,
            headers=self.headers
        )
        return self._parse_cves(response.json())

    def _parse_cves(self, data: dict) -> list:
        """Parse NVD response into structured CVE objects."""
        cves = []
        for item in data.get("vulnerabilities", []):
            cve = item.get("cve", {})
            cves.append({
                "id": cve.get("id"),
                "published": cve.get("published"),
                "description": self._get_description(cve),
                "cvss": self._get_cvss(cve),
                "affected_products": self._get_cpe(cve)
            })
        return cves

    def _get_description(self, cve: dict) -> str:
        descriptions = cve.get("descriptions", [])
        for desc in descriptions:
            if desc.get("lang") == "en":
                return desc.get("value", "")
        return ""

    def _get_cvss(self, cve: dict) -> dict:
        metrics = cve.get("metrics", {})
        if "cvssMetricV31" in metrics:
            return metrics["cvssMetricV31"][0]["cvssData"]
        if "cvssMetricV30" in metrics:
            return metrics["cvssMetricV30"][0]["cvssData"]
        return {}

CVSS Calculator

class CVSSCalculator:
    """CVSS v3.1 Base Score Calculator."""

    WEIGHTS = {
        "AV": {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.20},
        "AC": {"L": 0.77, "H": 0.44},
        "PR": {
            "U": {"N": 0.85, "L": 0.62, "H": 0.27},
            "C": {"N": 0.85, "L": 0.68, "H": 0.50}
        },
        "UI": {"N": 0.85, "R": 0.62},
        "C": {"H": 0.56, "L": 0.22, "N": 0},
        "I": {"H": 0.56, "L": 0.22, "N": 0},
        "A": {"H": 0.56, "L": 0.22, "N": 0}
    }

    def calculate(self, vector: dict) -> dict:
        """Calculate CVSS score from vector components."""
        scope = vector.get("S", "U")

        # Impact Sub Score
        isc_base = 1 - (
            (1 - self.WEIGHTS["C"][vector["C"]]) *
            (1 - self.WEIGHTS["I"][vector["I"]]) *
            (1 - self.WEIGHTS["A"][vector["A"]])
        )

        if scope == "U":
            impact = 6.42 * isc_base
        else:
            impact = 7.52 * (isc_base - 0.029) - 3.25 * pow(isc_base - 0.02, 15)

        # Exploitability Sub Score
        exploitability = (
            8.22 *
            self.WEIGHTS["AV"][vector["AV"]] *
            self.WEIGHTS["AC"][vector["AC"]] *
            self.WEIGHTS["PR"][scope][vector["PR"]] *
            self.WEIGHTS["UI"][vector["UI"]]
        )

        # Base Score
        if impact <= 0:
            base_score = 0
        elif scope == "U":
            base_score = min(impact + exploitability, 10)
        else:
            base_score = min(1.08 * (impact + exploitability), 10)

        return {
            "base_score": round(base_score, 1),
            "impact": round(impact, 1),
            "exploitability": round(exploitability, 1),
            "severity": self._get_severity(base_score)
        }

    def _get_severity(self, score: float) -> str:
        if score >= 9.0: return "CRITICAL"
        if score >= 7.0: return "HIGH"
        if score >= 4.0: return "MEDIUM"
        if score > 0: return "LOW"
        return "NONE"

Asset Inventory & CPE Matching

class AssetInventory:
    """Track software assets and match against CVEs."""

    def __init__(self):
        self.assets = []

    def add_asset(self, asset: dict):
        """Add software asset to inventory."""
        self.assets.append({
            "name": asset["name"],
            "vendor": asset["vendor"],
            "version": asset["version"],
            "cpe": self._generate_cpe(asset),
            "criticality": asset.get("criticality", "medium"),
            "environment": asset.get("environment", "production")
        })

    def _generate_cpe(self, asset: dict) -> str:
        """Generate CPE 2.3 string for asset."""
        return f"cpe:2.3:a:{asset['vendor']}:{asset['name']}:{asset['version']}:*:*:*:*:*:*:*"

    def find_affected(self, cve_cpes: list) -> list:
        """Find assets affected by CVE."""
        affected = []
        for asset in self.assets:
            for cve_cpe in cve_cpes:
                if self._cpe_matches(asset["cpe"], cve_cpe):
                    affected.append(asset)
                    break
        return affected

    def _cpe_matches(self, asset_cpe: str, cve_cpe: str) -> bool:
        """Check if asset CPE matches CVE CPE pattern."""
        asset_parts = asset_cpe.split(":")
        cve_parts = cve_cpe.split(":")

        for i, (a, c) in enumerate(zip(asset_parts, cve_parts)):
            if c == "*":
                continue
            if a != c:
                return False
        return True

Vulnerability Workflow

Auto-Triage System

class VulnerabilityTriage:
    """Automated vulnerability triage based on risk factors."""

    SLA = {
        "CRITICAL": {"response": 24, "remediation": 72},
        "HIGH": {"response": 48, "remediation": 168},
        "MEDIUM": {"response": 168, "remediation": 720},
        "LOW": {"response": 720, "remediation": 2160}
    }

    def calculate_priority(self, vuln: dict, asset: dict) -> dict:
        """Calculate priority score for vulnerability."""
        base_score = vuln.get("cvss_score", 5.0)

        # Adjust for asset criticality
        criticality_multiplier = {
            "critical": 1.5,
            "high": 1.2,
            "medium": 1.0,
            "low": 0.8
        }
        adjusted_score = base_score * criticality_multiplier.get(
            asset.get("criticality", "medium"), 1.0
        )

        # Adjust for exploit availability
        if vuln.get("exploit_available"):
            adjusted_score *= 1.3

        # Adjust for internet exposure
        if asset.get("internet_facing"):
            adjusted_score *= 1.2

        # Cap at 10
        adjusted_score = min(adjusted_score, 10.0)

        severity = self._get_severity(adjusted_score)

        return {
            "priority_score": round(adjusted_score, 1),
            "severity": severity,
            "sla_response_hours": self.SLA[severity]["response"],
            "sla_remediation_hours": self.SLA[severity]["remediation"]
        }

    def _get_severity(self, score: float) -> str:
        if score >= 9.0: return "CRITICAL"
        if score >= 7.0: return "HIGH"
        if score >= 4.0: return "MEDIUM"
        return "LOW"

Compliance Reporting

Executive Dashboard Data

def generate_executive_summary(vulnerabilities: list) -> dict:
    """Generate executive summary metrics."""
    total = len(vulnerabilities)

    by_severity = {
        "CRITICAL": 0, "HIGH": 0, "MEDIUM": 0, "LOW": 0
    }

    sla_breaches = 0
    remediated_count = 0
    avg_remediation_time = 0

    for vuln in vulnerabilities:
        by_severity[vuln["severity"]] += 1

        if vuln.get("status") == "remediated":
            remediated_count += 1
            avg_remediation_time += vuln.get("remediation_hours", 0)

        if vuln.get("sla_breached"):
            sla_breaches += 1

    if remediated_count > 0:
        avg_remediation_time /= remediated_count

    return {
        "total_vulnerabilities": total,
        "by_severity": by_severity,
        "sla_compliance_rate": round((1 - sla_breaches / total) * 100, 1) if total > 0 else 100,
        "remediation_rate": round(remediated_count / total * 100, 1) if total > 0 else 0,
        "avg_remediation_hours": round(avg_remediation_time, 1),
        "critical_open": by_severity["CRITICAL"],
        "high_open": by_severity["HIGH"]
    }

Compliance Framework Mapping

NIST Cybersecurity Framework:
  ID.RA-1: Asset vulnerabilities identified
  ID.RA-2: Threat intelligence received
  PR.IP-12: Vulnerability management plan
  DE.CM-8: Vulnerability scans performed
  RS.MI-3: Vulnerabilities mitigated

ISO 27001:
  A.12.6.1: Technical vulnerability management
  A.18.2.3: Technical compliance review

SOC 2:
  CC7.1: Vulnerability management procedures
  CC7.2: Security event monitoring

PCI DSS:
  6.1: Vulnerability identification process
  6.2: Security patches installation
  11.2: Quarterly vulnerability scans

Integration Patterns

SIEM Integration:
  - Forward high/critical alerts
  - Enrich events with CVE data
  - Automated incident creation

Ticketing Systems:
  - Auto-create tickets for new vulns
  - Track remediation progress
  - SLA monitoring

CI/CD Pipeline:
  - Pre-deployment vulnerability check
  - Block deployments with critical CVEs
  - Automated dependency updates

Notification:
  - Slack: Critical alerts
  - Email: Daily/weekly summaries
  - PagerDuty: SLA breaches

Best Practices

Data Quality:
  - Deduplicate findings
  - Validate against authoritative sources
  - Enrich with threat intelligence
  - Track remediation history

Performance:
  - Incremental updates (not full sync)
  - Batch processing for analysis
  - Cache CVSS calculations
  - Index by CPE for fast matching

Security:
  - API rate limiting
  - Data encryption at rest
  - Role-based access control
  - Audit logging

Лучшие практики

Prioritize by risk — не все CVEs равны, учитывайте контекст
Automate triage — автоматизируйте рутинную классификацию
Track SLAs — мониторьте время реагирования
Integrate everywhere — связывайте с CI/CD, ticketing, SIEM
Report to executives — регулярные отчёты руководству
Continuous monitoring — не только periodic scans

GitHub Repository

majiayu000/claude-skill-registry

Path: skills/cve-tracking-system

Related Skills

algorithmic-art

subagent-driven-development

Development

This skill executes implementation plans by dispatching a fresh subagent for each independent task, with code review between tasks. It enables fast iteration while maintaining quality gates through this review process. Use it when working on mostly independent tasks within the same session to ensure continuous progress with built-in quality checks.

View skill

executing-plans

Design

Use the executing-plans skill when you have a complete implementation plan to execute in controlled batches with review checkpoints. It loads and critically reviews the plan, then executes tasks in small batches (default 3 tasks) while reporting progress between each batch for architect review. This ensures systematic implementation with built-in quality control checkpoints.

View skill

cost-optimization

Other

This Claude Skill helps developers optimize cloud costs through resource rightsizing, tagging strategies, and spending analysis. It provides a framework for reducing cloud expenses and implementing cost governance across AWS, Azure, and GCP. Use it when you need to analyze infrastructure costs, right-size resources, or meet budget constraints.

View skill